CVE-2020-12850
HIGHPydio Cells Enterprise OVF <2.0.4 - Privilege Escalation
Title source: llmDescription
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories
Exploit, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html
Scores
CVSS v3
7.0
EPSS
0.0049
EPSS Percentile
38.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
pydio/cells
2.0.4
Published
Jun 11, 2020
Tracked Since
Feb 18, 2026